A million SMS two-factor authentication codes were intercepted; here’s what to do

A new report found that around a million two-factor authentication codes sent by text message appear to have been intercepted.

A tech industry whistleblower revealed that the 2FA security codes passed through an obscure foreign company with links to government intelligence agencies and companies engaged in digital surveillance …

SMS 2FA codes

Two-factor authentication (2FA) codes are intended to protect your accounts even if your login details have been obtained by hackers. If you have 2FA enabled, then after your password has been confirmed you’ll be prompted to enter a 6-digit code to prove your identity.

That code can be provided by an authenticator app with a rolling code linked to your account, or the website or app can text it to you on your registered mobile number.

The problem with the latter option is that SMS has no end-to-end encryption, so these codes can be read, and intercepted, by anyone with access to the telecoms network they pass through.
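For comparison with SMS delivery, here is the “rolling code” scheme an authenticator app uses (TOTP, RFC 6238, built on HOTP, RFC 4226), shown from the verifying server’s side. This is an added example, not code from the article or from any of the companies it names; the sample enrollment secret is the RFC 6238 reference key, and the drift window and replay note are the usual implementation caveats.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample enrollment secret: the RFC 6238 reference key
# "12345678901234567890", base32-encoded as an authenticator app stores it.
RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32: str, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a zero-padded decimal code."""
    key = base64.b32decode(secret_b32.replace(" ", ""), casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at=None, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): the rolling code is HOTP over the current 30-second
    time step. Phone and server each derive it locally from the shared secret
    and the clock, so the code itself never crosses the SMS network."""
    now = int(time.time() if at is None else at)
    return hotp(secret_b32, now // step, digits)


def verify_totp(secret_b32: str, candidate: str, at=None,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check: accept the code for the current step plus `window`
    steps either side to absorb clock drift, comparing in constant time.
    A real deployment also records the last accepted step so the same code
    cannot be reused within the window."""
    if not (candidate.isdigit() and len(candidate) == digits):
        return False
    now = int(time.time() if at is None else at)
    current = now // step
    return any(
        hmac.compare_digest(hotp(secret_b32, current + drift, digits), candidate)
        for drift in range(-window, window + 1)
    )


if __name__ == "__main__":
    # RFC 6238 SHA-1 vector: at t=59 the 8-digit code is 94287082 -> "287082"
    print(totp(RFC_SECRET, at=59))
```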

A million codes intercepted

A whistleblower has come forward to report an interception program, providing Bloomberg with evidence to support the claim.

An industry whistleblower provided Bloomberg Businessweek and the investigative newsroom Lighthouse Reports with nonpublic phone networking data related to a batch of about 1 million messages carrying two-factor authentication codes sent during June 2023. Each one passed through the hands of an obscure Swiss outfit named Fink Telecom Services. The company and its founder have worked with government spy agencies and surveillance industry contractors to surveil mobile phones and track user location […] Senders include Google, Meta and Amazon.com, several European banks, popular apps such as Tinder and Snapchat, the cryptocurrency exchange Binance and encrypted chat platforms Signal and WhatsApp. The intended recipients were located in more than 100 countries across five continents.

That means a hacker – including a government agency – with access to your username and password could successfully log in to your accounts even when 2FA is enabled.
